In slub_def.h file, the kmalloc_index() may return -1 for some special cases.
If that negative return value gets assigned to "index", it might lead to issues
later as the variable "index" is used as index to array "kmalloc_caches" in :
return kmalloc_caches[index];
Please let me know your comments.
Signed-off-by: Maxin B. John <[email protected]>
---
diff --git a/include/linux/slub_def.h b/include/linux/slub_def.h
index 45ca123..3db4b33 100644
--- a/include/linux/slub_def.h
+++ b/include/linux/slub_def.h
@@ -211,7 +211,7 @@ static __always_inline struct kmem_cache
*kmalloc_slab(size_t size)
{
int index = kmalloc_index(size);
- if (index == 0)
+ if (index <= 0)
return NULL;
return kmalloc_caches[index];
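Review bot: The changed test "if (index <= 0)" makes a negative index return NULL exactly as index 0 does, so a caller can no longer tell the two cases apart. Neither the hunk nor the changelog says which sizes make kmalloc_index() return -1, or whether any caller can reach kmalloc_slab() with such a size. Please name those cases in the changelog and add a short comment above the check saying what 0 and a negative value each mean. If callers already reject such sizes before calling kmalloc_slab(), state that and explain why the extra comparison is still wanted.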
On Fri, 6 May 2011, Maxin John wrote:
> In slub_def.h file, the kmalloc_index() may return -1 for some special cases.
> If that negative return value gets assigned to "index", it might lead to issues
> later as the variable "index" is used as index to array "kmalloc_caches" in :
The value passed to kmalloc_slab is tested before the result is used.
kmalloc_slab() only returns -1 for values > 4MB.
The size of the object is checked against SLUB_MAX size which is
significantly smaller than 4MB. 8kb by default.
So kmalloc_slab() cannot return -1 if the parameter is checked first.
Hi,
On Fri, May 6, 2011 at 9:56 PM, Christoph Lameter <[email protected]> wrote:
> The value passed to kmalloc_slab is tested before the result is used.
> kmalloc_slab() only returns -1 for values > 4MB.
>
> The size of the object is checked against SLUB_MAX size which is
> significantly smaller than 4MB. 8kb by default.
>
> So kmalloc_slab() cannot return -1 if the parameter is checked first.
Thank you very much for pointing it out. I think it's a lot more clear
for me now.
Best Regards,
Maxin